Facial recognition software has been heralded by many tech companies as the new fingerprint–a simple, reliable means of identity authentication. After all, save a few rare exceptions, you’re the only who looks like you. Unfortunately, as cyber locks become more sophisticated, so do cyber lock picks. And it’s all thanks to Mark Zuckerberg.

Using photographs accessed from Facebook, security and computer vision specialists from the University of North Carolina presented a system that created 3-D facial models that were successful in tricking four out of five facial recognition systems. The demonstration, held earlier this month at the Usenix conference in Austin, consisted of VR-style faces that were rendered in three dimensions and shown on a smartphone’s screen.The dimensions achieved afforded the facial models the depth and motion cues utilized by biometric security systems.

Other research has been dedicated to defeating facial recognition systems, but those experiments used models derived from photographs either taken or collected by researchers. For the sake of their experiment, the UNC team used only pictures resultant from search engines and social media. Some volunteers claimed to be mindful of their cyber privacy, but researchers were able to retrieve at least three pictures for each participant.

Five authentication systems were used in the presentation: KeyLemon, Mobius, TrueKey, BioID, and 1D, all of which are available from consumer software vendors like the iTunes Store and Google Play Store and used for safeguarding date and locking cellular devices. Researchers tricked four out of five of these systems, with success rates ranging from 55 percent to 85 percent. And since your facial characteristics tend to stay static, if your biometric data is hacked, it can be easily exploited. So until better security tools are invented, password1234 may very well be your best protection against identity theft.